ClawHub

iGOT Karmayogi Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is for automating iGOT coursework, but it gives the agent broad autonomous control over a logged-in government training account with too little confirmation.

Install only if you explicitly want an agent to operate your iGOT account end to end, including enrolling, watching course material, submitting quizzes/final assessments, and saving certificates. Review platform or employer rules first, supervise the browser session, avoid shell fallbacks unless trusted, and clear the saved state and browser profile when finished if you do not want the session or learning history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to run shell commands and perform local file operations outside the browser automation boundary, including reading and later deleting state files and invoking fallback commands like npx playwright. Expanding the skill from browser-only actions to host-level command execution increases the attack surface and can expose local data or enable unintended system changes if the instructions are triggered in the wrong context.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger phrases are overly broad and can cause the skill to activate for common requests related to iGOT, courses, certificates, or continuing coursework, even when the user did not intend full autonomous portal automation. In this skill, accidental invocation is especially dangerous because the workflow is designed to immediately continue actions, persist state, and perform coursework and assessments on the user's behalf with minimal oversight.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill is built to answer practice tests and final assessments autonomously, yet the skill description does not clearly warn users that it will complete evaluative coursework on their behalf. This is risky because it can violate platform rules, organizational training integrity, or user expectations, and the autonomous design reduces opportunities for informed consent before high-impact actions are taken.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill silently persists detailed course progress, course identifiers, module names, and timestamps to a local file after every action, and later stores certificates on disk, without making that behavior prominent in the skill description. Hidden persistence is dangerous because users may not realize training history and downloaded documents are being retained locally beyond the current session.

Ssd 3

Medium
Confidence
95% confidence
Finding
The state file captures detailed information about the user's learning activity, including course IDs, course names, module positions, actions taken, and timestamps, and it is updated after every action. Persistent local storage of account-derived activity data increases privacy risk, creates forensic residue on the host, and may expose sensitive government training information to other local users or processes.

Ssd 4

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to never stop, not ask for confirmation, and continue coursework unless a narrow stop condition occurs, which is a strong autonomy pattern that removes meaningful user oversight. In context, this is particularly dangerous because the subsequent phases include enrollment, media consumption, test-taking, and certificate retrieval on a government training portal, all of which are high-impact account actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal